Steven is an expert in this area, but there is also some good information in the IBM document:
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/FRAMESET/F1A1B391/2.3.4.1?SHELF=F1A1BKB1&DT=20100121150057 See "Steps for<http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/F1A1B391/2.3.4.1.3?SHELF=F1A1BKB1&DT=20100121150057&FS=TRUE&ScrollTOP=HDRWQ678#HDRWQ678> controlling user access to the FTP server" in topic 2.3.4.1.3<http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/F1A1B391/2.3.4.1.3?SHELF=F1A1BKB1&DT=20100121150057&FS=TRUE&ScrollTOP=HDRWQ678#HDRWQ678> )." You might also consider using a "port of entry" (the TERMINAL CLASS), to restrict access by IP address. Kirk Wolf Dovetailed Technologies http://dovetail.com On Fri, Jun 8, 2012 at 7:41 AM, Steven St.Jean <sstj...@sdsusa.com> wrote: > Jake, > > I do not use FTCHKPWD, but I use FTCHKCMD to control user access (and lots > of other things). I preferred FTCHKCMD, because I found I could accomplish > everything that FTCHKPWD allowed me to do and more, and it shares a > scratchpad with FTPOSTPR. > > The server exits are pretty easy to install and test. You can use a > STEPLIB > in your FTP server proc and put the exits in there. Changes are picked up > right away, since the FTP server spawns a new address space for each > session. Just assemble and link your exit to the STEPLIB library and > connect to the server. > > The exits need to be in an APF authorized library, and must be > program-controlled, like this: > > RDEF PROGRAM FTCHKCMD ADDMEM ('LOAD.LIBRARY.NAME'/volser /NOPADCHK) > UACC(READ) > SETR WHEN(PROGRAM) REFRESH > > Failure to do this will result in messages like this to the console: > > ICH420I PROGRAM FTCHKCMD FROM LIBRARY LOAD.LIBRARY.NAME CAUSED THE > ENVIRONMENT TO BECOME UNCONTROLLED > BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) > PROCESSING. > > You can make SAF (RACROUTE) calls from the exits. > > The number of parameters passed to the exits can change from release to > release, so be sure to check the second parameter, which tells you how many > parameters are passed. > > Hope this helps. > > Steven St.Jean > http://sdsusa.com > > > > -----Original Message----- > > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On > > Behalf Of Jake anderson > > Sent: Friday, June 08, 2012 6:05 AM > > To: IBM-MAIN@bama.ua.edu > > Subject: Controlling the FTP server - FTCHKPWD > > > > Dear List, > > > > Good Day !! > > > > To control the FTP server we know we can use FTCHKPWD user exit. Has > > anyone used this EXIT at your shop to control the FTP access ? Just > > wanted to understand the method to install this exit and control only > > the specified user gaining access to FTP server running on Z/OS. > > > > Environment : Z/OS 1.8 > > > > Resource link : > > http://publib.boulder.ibm.com/infocenter/zos/v1r11/index.jsp?topic=/com. > > ibm.zos.r11.halz002/f1a1b391185.htm > > > > Any comments or suggestions would help a lot > > > > Jake > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, send > > email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
